github/wonderwall
1
0
Fork 0
mirror of https://github.com/nais/wonderwall.git synced 2026-05-21 07:42:53 +00:00
Code Issues Packages Projects Releases Wiki Activity
277 Commits 3 Branches 0 Tags
fd630e6dbd44fcb50449375057bfc08dfd0ce4a9
Commit Graph

14 Commits

Author SHA1 Message Date
Trong Huu Nguyen
aab249d78a refactor(jwt): skip parsing access tokens 
Access Tokens are not necessarily JWTs. We also don't
have to validate them as we only pass it on as an opaque
string.

This also means that we don't log the JTI access tokens
anymore.

We also simplify handling of oidc callbacks.
 2022-07-14 12:14:25 +02:00
Trong Huu Nguyen
debf97efda feat(session): store metadata 2022-07-04 15:18:36 +02:00
Trong Huu Nguyen
497cf9fba7 feat: store refresh tokens in session 2022-07-04 15:18:34 +02:00
Trong Huu Nguyen
18fffcc755 deps: migrate from lestrrat-go/jwx to lestrrat-go/jwx/v2 2022-05-05 11:09:03 +02:00
Trong Huu Nguyen
b449ab2191 refactor: token -> jwt for accuracy 2022-02-03 11:41:43 +01:00
Trong Huu Nguyen
eeccebc5dd feat: log jwt IDs for tracability 2022-02-03 11:41:42 +01:00
Trong Huu Nguyen
3a35584a21 refactor: restructure and group related packages into subpackages 2021-10-20 09:03:14 +02:00
Trong Huu Nguyen
8711f6e0d3 style: clean up imports 2021-10-16 10:25:47 +02:00
Trong Huu Nguyen
f73b4605a1 refactor: use encrypted cookie as session fallback 
Co-Authored-By: Sindre Rødseth Hansen <sindre.rodseth.hansen@nav.no>
 2021-10-04 13:17:04 +02:00
Trong Huu Nguyen
cc8ba980ca refactor: deduplicate crypto operations for sessions 2021-09-30 18:27:53 +02:00
Trong Huu Nguyen
2ec1b7ace9 feat: encrypt session data 
Co-Authored-By: Sindre Rødseth Hansen <sindre.rodseth.hansen@nav.no>
 2021-09-30 13:47:29 +02:00
Trong Huu Nguyen
5da34f0139 fix: include id_token_hint on self-initiated logout 
This is required when including the post_logout_redirect_uri
parameter.
 2021-08-25 11:55:36 +02:00
Trong Huu Nguyen
e83542b046 fix: prefix local session keys to prevent collisions 
`sid` is a key that refers to the user's unique SSO session at the
Identity Provider, and the same key is present in all tokens
acquired by any Relying Party (such as Wonderwall) during that session.
Thus, we cannot assume that the value of `sid` to uniquely identify the
pair of (user, application session) if using a shared session store.
 2021-08-25 11:26:24 +02:00
Kim Tore Jensen
15a7c14324 redis and in-memory session store 2021-08-24 12:49:23 +02:00